CVE-2022-22821

MEDIUM4.4EPSS 0.15%

Path Traversal in nemo-toolkit

發布日:2022/1/11修改日:2026/3/13

描述

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

受影響套件(2)

PyPI/nemo-toolkitfrom 0, < 1.6.0
PyPI/nemo-toolkitfrom 0, < 1.6.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-22821
PATCHhttps://github.com/NVIDIA/NeMo
WEBhttps://github.com/NVIDIA/NeMo/commit/f7e4ed7e4f7f2fa43765a38c2fafa1b6d1ebd7c0
WEBhttps://github.com/NVIDIA/NeMo/security/advisories/GHSA-rpx7-33j2-xx9x